| AC_GCP_0167 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0171 | Ensure Unencrypted Memcached Instances (UDP:11211) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0173 | Ensure Unencrypted Memcached Instances (UDP:11211) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0177 | Ensure Elastic Search (TCP:9300) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0180 | Ensure Elastic Search (TCP:9200) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0185 | Ensure Cassandra Thrift (TCP:9160) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0187 | Ensure Cassandra Client (TCP:9042) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0202 | Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0203 | Ensure Oracle DB (UDP:2483) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0204 | Ensure Oracle DB (UDP:2483) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0206 | Ensure Oracle DB (TCP:2483) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0207 | Ensure Oracle DB (TCP:2483) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0208 | Ensure Oracle DB (TCP:1521) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0210 | Ensure Oracle DB (TCP:1521) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0220 | Ensure Hadoop Name Node (TCP:9000) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0226 | Ensure FTP (TCP:20) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0227 | Ensure FTP (TCP:20) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0235 | Ensure encryption is enabled for Google Cloud Storage Buckets | GCP | Infrastructure Security | MEDIUM |
| AC_AWS_0097 | Ensure VPC is enabled for AWS Redshift Cluster | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0164 | Ensure VPC access is enabled for AWS Lambda Functions | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0392 | Ensure public IP address is not used AWS EC2 instances | AWS | Infrastructure Security | HIGH |
| AC_AWS_0399 | Ensure public IP address is not assigned to Amazon Elastic Container Service (ECS) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0578 | Ensure AWS NAT Gateways are used instead of default routes for AWS Route Table | AWS | Data Protection | HIGH |
| AC_AZURE_0092 | Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0098 | Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0101 | Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to false | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0102 | Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0109 | Ensure public IP addresses are not assigned to Azure Linux Virtual Machines | Azure | Security Best Practices | HIGH |
| AC_AZURE_0206 | Ensure cross account access is disabled for Azure SQL Firewall Rule | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0261 | Ensure public network access is disabled for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0308 | Ensure public access is disabled for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0353 | Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0374 | Ensure a firewall is attached to Azure SQL Server | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0383 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
| AC_GCP_0248 | Ensure default service account is not used at organization level for Google Cloud | GCP | Identity and Access Management | HIGH |
| AC_K8S_0049 | Ensure ALLOW-with-positive-matching exist for Istio Authorization Object | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0118 | Ensure overly broad host configuration is not allowed for Istio Gateway | Kubernetes | Infrastructure Security | HIGH |
| AC_AZURE_0337 | Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AWS_0317 | Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
| AC_AWS_0318 | Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
| AC_AWS_0370 | Ensure default VPC is not used for AWS VPC | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0509 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0514 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0517 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0528 | Ensure LDAP (UDP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0529 | Ensure LDAP (UDP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0534 | Ensure Memcached SSL (UDP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0544 | Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0199 | Ensure public access is disabled for AWS Redshift Clusters | AWS | Infrastructure Security | HIGH |
| AC_AWS_0234 | Ensure Security Groups do not have unrestricted specific ports open - Elasticsearch (TCP,9200) | AWS | Infrastructure Security | HIGH |
